Here is an SOU Internal Audit orientation presentation in PowerPoint.

Here is a presentation from the Institute of Internal Auditing in PowerPoint.

The Institute for Internal Auditing (IIA) Definition of Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve the University’s operations.  It helps the University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Mission

It is Internal Audit’s mission to enhance and protect organizational value by providing risk-based and objective assurance, advice and insight. 

Independent and Objective Role

Internal Audit is functionally accountable to the Executive and Audit Committee of the Board of Trustees, but reports administratively directly to the President.

Objectives

It is the objective of Internal Audit to determine whether the University’s network of governance, risk management and control processes, as designed and represented by management, is adequate and functioning in a manner to confirm that:

  1. risks are appropriately identified and managed; specifically including management compliance with laws and regulations;

  2. governance interaction occurs as needed;

  3. significant financial, managerial, and operating information is accurate, reliable and timely;

  4. employee actions comply with policies, standards, procedures, professional ethics and applicable laws and regulations; specifically including privacy and security;

  5. resources are acquired economically, used efficiently and adequately protected; specifically including review of management processes and internal controls and the deterrence, detection and prevention of fraud;

  6. accountability systems are in place to ensure achievement of organizational and program missions, goals, plans, and objectives;

  7. the University’s control processes foster quality and continuous improvement; and

  8. significant legislative or regulatory issues affecting the University are recognized and properly addressed.

Internal Audit communicates opportunities for improving managements’ governance, risk management, control processes, effectiveness and the University’s image to the appropriate level of management.  Significant opportunities and feedback are summarized and reported to the Executive and Audit Committee of the Board of Trustees.

Responsibilities

University management is responsible for establishing a network of processes with the objective of controlling the operations of the University in a manner that provides the Board of Trustees reasonable assurance that:

  1. data and information, whether published internally or externally, is accurate, reliable, timely, transparent and accessible;

  2. the actions of employees comply with the University’s policies, standards, plans and procedures, and all relevant laws and regulations;

  3. the University economically acquires, profitably employees and adequately protects its resources;.

  4. quality business processes and continuous improvement are emphasized; and

  5. the University’s plans, programs, goals, and objectives are achieved.

Controlling is a function of management and is an integral part of the overall process of managing operations. As such, it is the responsibility of managers at all levels of the organization to:

  1. identify and evaluate the exposures to loss that relate to their particular sphere of operations;

  2. specify and establish policies, plans, and operating standards, procedures, systems, and other disciplines to minimize, mitigate, and/or limit the risks associated with the exposures identified;

  3. establish practical controlling processes that require and encourage directors, officers, and employees to carry out their duties and responsibilities in a manner that achieves the five control objectives outlined in the preceding paragraph; and

  4. maintain the effectiveness of the controlling processes they have established and foster continuous improvement to these processes.

It is the responsibility of Internal Audit to:

  1. develop an annual internal audit plan using risk-based methodology including the consideration of any risks or control concerns identified by management;

  2. submit the plan along with a financial budget, human resource plan and any resource limitations or significant interim changes to the President and Executive and Audit Committee of the Board of Trustees for review and approval;

  3. implement the annual internal audit plan and report results to the President and Executive and Audit Committee of the Board of Trustees;

  4. periodically provide information to the President, and Executive and Audit Committee of the Board of Trustees on the status of the annual internal audit plan, the sufficiency of Internal Audit resources relative to its Objectives and Responsibilities, and emerging trends and successful practices in internal auditing;

  5. provide reports to the Executive and Audit Committee of the Board of Trustees and the President on the implementation status of prior audit recommendations;

  6. provide consulting and investigative services, beyond internal audit assurance services, to assist management in meeting their objectives, including participating in the development or modification of major information systems, significant changes in functions, services, processes, operations, control processes or strategies and substantiation of allegations;

  7. provide an annual assessment on the adequacy and effectiveness of the University’s processes for controlling its activities, managing its risks, governance, and the performance of management responsibilities in the areas set forth in Internal Audit’s Objectives;

  8. report significant issues related to the processes for controlling the activities of the University and its applicable affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution;

  9. assist in the investigation of allegations of fraud or fraudulent actions in accordance with the University’s fraud policy;

  10. maintain a professional internal audit function with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this Internal Audit Charter;

  11. report the results of internal and external assessments conducted in association with the Quality Assurance and Improvement Program; and

  12. confirm annually the organizational independence of Internal Audit.

Board of Trustees Authorization and Expectations

Internal Audit is authorized to:

  1. have full, free and unrestricted access to any and all functions, records, information, property, and personnel of the University to the extent permitted by law;    

  2. audit any function, program, account or system deemed necessary and appropriate in its sole judgement, notwithstanding a pre-approved internal audit plan;

  3. have full and free access to the Executive and Audit Committee of the Board of Trustees in whole or in part in conjunction with open meeting laws;

  4. allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish internal audit objectives in accordance with professional Standards;

  5. request the assistance of any and all University employees in fulfilling Internal Audit’s function; 

  6. obtain the necessary assistance of specialized personnel and services from within or outside the organization;

  7. preserve the necessary independence to render objective reports that assure all audit activities, specifically including audit scope, procedures, frequency, timing, report content, finalization and distribution to relevant parties are free from management influence; and

  8. accordingly, only take direction solely from the Executive and Audit Committee.

Internal Audit is not authorized to:

  1. perform, direct or manage any operational duties for the University external to Internal Audit;

  2. accordingly, Internal Audit will not design, implement, or approve internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair, or give the perception of impairing, Internal Audit’s judgment, independence or objectivity;

  3. direct the activities of any University employee not employed by Internal Audit, except to the extent such employees have been appropriately assigned to an internal audit team or to otherwise assist the internal auditor(s);

  4. initiate or approve accounting transactions external to Internal Audit; and

  5. perform internal audits of any area or activity where an Internal Auditor has worked or for which they have been principally responsible for at least two years after they leave the position.

The Board of Trustees expects:

  1. University employees to comply with requests made by Internal Audit in a complete and timely manner.

  2. University employees not to interfere, impede or affect Internal Audit’s necessary independence and objective mental attitude, specifically including: audit selection, scope, procedures, frequency, timing, report content, timely provision of or access to information, timely management response to draft reports, and identification of corrective action taken or to be taken within a specific period of time in response to Internal Audit’s conclusions and recommendations.

  3. Internal Audit’s conclusions and recommendations to be taken seriously and that steps shall be taken to assess conclusions, identify corrective action within specific periods of time and implement recommendations.  

  4. Internal Audit to report any identified non-compliance or acceptance of risk believed to be in excess of the University’s risk tolerance on the part of University programs or employees to the President, the Executive and Audit Committee of the Board of Trustees and/or its Chairperson.